Overview

The Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants is defined in RFC 7522. It describes how a SAML 2.0 Assertion can be used for OAuth 2.0 client authentication and as an Authorization Grant.

Introduction from RFC 7522

RFC 7522 defines how a SAML Assertion can be used to request an Access Token when a client wishes to utilize an existing trust relationship, expressed through the semantics of the SAML Assertion, without a direct user approval step at the Authorization Server. It also defines how a SAML Assertion can be used as a client authentication mechanism. The use of an Assertion for client authentication is orthogonal to and separable from using an Assertion as an Authorization Grant. They can be used either in combination or separately. Client assertion authentication is nothing more than an alternative way for a client to authenticate to the token endpoint, and it must be used in conjunction with some Grant Type to form a complete and meaningful protocol request. Assertion authorization grants may be used with or without client authentication or identification. Whether or not client authentication is needed in conjunction with an assertion Authorization Grant, as well as the supported types of client authentication, are policy decisions at the discretion of the Authorization Server.

The process by which the client obtains the SAML Assertion, prior to exchanging it with the authorization server or using it for client authentication, is out of scope.

Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants follows the Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants.
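
The two uses described in the introduction, shown as token endpoint form bodies and a server-side check that a request is complete. This is an added example, not code from RFC 7522 or from this wiki; the function names and the sample Assertion are assumptions made for illustration, and signature and condition validation of the Assertion is not shown.

```python
import base64
from urllib.parse import urlencode, parse_qs

# URNs defined by RFC 7522 for the two separate uses of a SAML Assertion.
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"
CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:saml2-bearer"

# Constructed placeholder; a real Assertion is signed XML from a trusted issuer.
SAMPLE_ASSERTION = b'<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">constructed</Assertion>'


def b64url(xml: bytes) -> str:
    """base64url without line wraps or '=' padding, as the RFC recommends."""
    return base64.urlsafe_b64encode(xml).rstrip(b"=").decode("ascii")


def token_request(grant_type, grant_params, client_assertion=None):
    """Build a token endpoint form body; client_assertion adds SAML client auth."""
    form = {"grant_type": grant_type, **grant_params}
    if client_assertion is not None:
        form["client_assertion_type"] = CLIENT_ASSERTION_TYPE
        form["client_assertion"] = b64url(client_assertion)
    return urlencode(form)


def classify(body: str):
    """Server-side view: return (saml_grant, saml_client_auth) or raise ValueError."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    saml_client_auth = form.get("client_assertion_type") == CLIENT_ASSERTION_TYPE
    if saml_client_auth and "client_assertion" not in form:
        raise ValueError("client_assertion_type without client_assertion")
    if "grant_type" not in form:
        # Client authentication alone is not a complete protocol request.
        raise ValueError("no grant_type: request is incomplete")
    saml_grant = form["grant_type"] == GRANT_TYPE
    if saml_grant and "assertion" not in form:
        raise ValueError("saml2-bearer grant without assertion parameter")
    return saml_grant, saml_client_auth


def decode_assertion(value: str) -> bytes:
    """Restore stripped padding before decoding the base64url value."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


if __name__ == "__main__":
    print(classify(token_request(GRANT_TYPE, {"assertion": b64url(SAMPLE_ASSERTION)})))
```

Whether a request classified as a SAML grant without SAML client authentication is accepted remains a policy decision of the Authorization Server.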

« This page (revision-7) was last changed on 07-Feb-2016 16:41 by jim